- Dec 30, 2012
- 4,809
We knew this already, but a nice read nevertheless!!
Like many of you, I am concerned about the telemetry, spying and other surveillance features, known or unknown, of Windows 10. It has concerned me enough to push me to Linux Mint as my main operating system. Even so, I wanted to better understand Windows 10, but internet search results for a decent windows 10 traffic analysis leave a lot to be desired. As such, I decided to do my own investigating on what, exactly, Windows 10 is doing traffic-wise, and post the results. For this analysis, I wanted to simply analyse the network traffic of Windows 10 on a clean install, and just let it sit and run without using it.
What I have done for this analysis:
individual connection attempts by IP address,port, and protocol:
select distinct(ip_address),port,protocol,count(ip_address) as attempts from rejected_connections group by ip_address order by attempts desc;
Read the full analysis HERE
Like many of you, I am concerned about the telemetry, spying and other surveillance features, known or unknown, of Windows 10. It has concerned me enough to push me to Linux Mint as my main operating system. Even so, I wanted to better understand Windows 10, but internet search results for a decent windows 10 traffic analysis leave a lot to be desired. As such, I decided to do my own investigating on what, exactly, Windows 10 is doing traffic-wise, and post the results. For this analysis, I wanted to simply analyse the network traffic of Windows 10 on a clean install, and just let it sit and run without using it.
What I have done for this analysis:
- I have installed DD-WRT on a router connected to the internet and configured remote logging to the Linux Mint laptop in #2.
- I have installed Linux Mint on a laptop, and setup rsyslog to accept remote logging from the DD-WRT router.
- I have installed Virtualbox on the Linux Mint laptop, and installed Windows 10 EnterprisePNG on Virtualbox. I have chosen the customized installation option where I disabled three pages of tracking options.
- I have configured the DD-WRT router to drop and log all connection attempts via iptables through the DD-WRT router by Windows 10 Enterprise.
- Aside from installing Windows 10 Enterprise, and verifying the internet connection through ipconfig and ping yahoo.com, I have not used the Windows 10 installation at all (the basis for the first part of this analysis)
- Let Windows 10 Enterprise run overnight for about 8 hours (while I slept).
- I use perl to parse the data out of syslog files and insert said data into a Mysql database.
- I use perl to obtain route data from whois.radb.net, as well as nslookup PTR data, and insert that into the Mysql database.
- Lastly, I query and format the data for analyzing.
individual connection attempts by IP address,port, and protocol:
select distinct(ip_address),port,protocol,count(ip_address) as attempts from rejected_connections group by ip_address order by attempts desc;
Read the full analysis HERE